Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
46336 2024-07-26 18:52 kyvbsa.pdf
d73a838f5ca1608b145182bc05b98921
PDF
M ZeroCERT

46337 2024-07-26 18:52 gdfvr.hta
2c663f0e924c1b0773b65541f610dc2f
Generic Malware Antivirus PE File DLL PE32 .NET DLL Malware download VirusTotal Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities powershell.exe wrote suspicious process AppData folder WriteConsoleW Windows ComputerName DNS Cryptographic key
1 1 6 10.4 M 18 ZeroCERT

46338 2024-07-26 19:00 C.exe
9474b528235299dbbd8e6d7520df48e3
Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB WriteConsoleW
0.8 5 ZeroCERT

46339 2024-07-26 19:06 enter.exe
5aa3b4d694bc828650c63ade641f4581
Client SW User Data Stealer RedLine stealer browser info stealer Generic Malware Downloader Google Chrome User Data Malicious Library Malicious Packer UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio Browser Info Stealer Malware download Amadey VirusTotal Malware AutoRuns MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Checks Bios Detects VMWare suspicious process AppData folder malicious URLs VMware anti-virtualization installed browsers check Tofsee Ransomware Windows Exploit Browser ComputerName DNS crashed
1 4 8 20.2 M 39 ZeroCERT

46340 2024-07-26 19:13 Pack de fonctions XLP.xlam
ca44bdc6e8bc0d6d84538914be136fbe
VBA_macro ZIP Format VirusTotal Malware unpack itself
1.2 2 guest

46341 2024-07-27 12:36 aaa.exe
1318fbc69b729539376cb6c9ac3cee4c
Downloader Malicious Library Admin Tool (Sysinternals etc ...) UPX PE File PE32 DNS
1 2.0 ZeroCERT

46342 2024-07-27 12:38 22per.php.vbs
1f7c3d5b07e8e81501762bc87a897d96
Generic Malware Antivirus OS Processor Check Check memory unpack itself WriteConsoleW Windows Cryptographic key
1.0 ZeroCERT

46343 2024-07-27 12:39 random.exe
e04afeeb6bb46b372bc1d7c2e2f25ead
Generic Malware EnigmaProtector Malicious Library UPX Code injection AntiDebug AntiVM PE File PE32 OS Processor Check Malware download Amadey VirusTotal Malware AutoRuns MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Checks Bios Detects VMWare AppData folder malicious URLs VMware anti-virtualization installed browsers check Tofsee Ransomware Windows Exploit Browser ComputerName DNS crashed
1 4 8 18.0 M 38 ZeroCERT

46344 2024-07-27 12:39 22per2.php.vbs
ed24c6df34810458f7e9967058404512
Generic Malware Antivirus OS Processor Check Check memory unpack itself WriteConsoleW Windows Cryptographic key
1.0 ZeroCERT

46345 2024-07-27 12:39 build2.exe
410e91a252ffe557a41e66a174cd6dcb
Generic Malware Malicious Library PE File PE64 VirusTotal Malware Check memory unpack itself
1.8 22 ZeroCERT

46346 2024-07-27 12:41 PharmaciesDetection.exe
569720e2c07b1d34bac1366bf2b1c97a
Generic Malware Downloader Malicious Library UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PE File PE32 OS Proces VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities suspicious process AppData folder sandbox evasion WriteConsoleW Windows ComputerName
6.6 12 ZeroCERT

46347 2024-07-27 12:42 InfluencedNervous.exe
1b0fe9739ef19752cb12647b6a4ba97b
Generic Malware Suspicious_Script_Bin Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName
6.2 33 ZeroCERT

46348 2024-07-27 12:43 ldx111.exe
01519db4280c18b8ccd58235bf5a4048
.NET framework(MSIL) PWS AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted RWX flags setting unpack itself suspicious process WriteConsoleW Windows Cryptographic key
11.2 M 33 ZeroCERT

46349 2024-07-27 12:44 buildred.exe
4e0235942a9cde99ee2ee0ee1a736e4f
RedLine stealer RedlineStealer Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
1 6 7.6 M 54 ZeroCERT

46350 2024-07-27 14:52 ❉?????????????????????????????...
30d99024fb26c365e71bcdd860205eb4
AntiDebug AntiVM MSOffice File VirusTotal Malware MachineGuid Code Injection wscript.exe payload download Creates executable files exploit crash unpack itself Windows utilities suspicious process suspicious TLD Tofsee Windows Exploit DNS crashed
2 5 8.2 7 ZeroCERT